provider: support TLS certs configured by strings. #184

Merged
merged 2 commits into from
Jan 14, 2021
53 changes: 39 additions & 14 deletions nomad/provider.go
Expand Up @@ -23,30 +23,50 @@ func Provider() terraform.ResourceProvider {
DefaultFunc: schema.EnvDefaultFunc("NOMAD_ADDR", nil),
Description: "URL of the root of the target Nomad agent.",
},

"region": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_REGION", ""),
Description: "Region of the target Nomad agent.",
},
"ca_file": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_CACERT", ""),
Description: "A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.",
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_CACERT", nil),
Description: "A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.",
ConflictsWith: []string{"ca_pem"},
},
"ca_pem": {
Type: schema.TypeString,
Optional: true,
Description: "PEM-encoded certificate authority used to verify the remote agent's certificate.",
ConflictsWith: []string{"ca_file"},
},
"cert_file": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_CERT", ""),
Description: "A path to a PEM-encoded certificate provided to the remote agent; requires use of key_file.",
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_CERT", nil),
Description: "A path to a PEM-encoded certificate provided to the remote agent; requires use of key_file or key_pem.",
ConflictsWith: []string{"cert_pem"},
},
"cert_pem": {
Type: schema.TypeString,
Optional: true,
Description: "PEM-encoded certificate provided to the remote agent; requires use of key_file or key_pem.",
ConflictsWith: []string{"cert_file"},
},
"key_file": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_KEY", ""),
Description: "A path to a PEM-encoded private key, required if cert_file is specified.",
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_KEY", nil),
Description: "A path to a PEM-encoded private key, required if cert_file or cert_pem is specified.",
ConflictsWith: []string{"key_pem"},
},
"key_pem": {
Type: schema.TypeString,
Optional: true,
Description: "PEM-encoded private key, required if cert_file or cert_pem is specified.",
ConflictsWith: []string{"key_file"},
},
"vault_token": {
Type: schema.TypeString,
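Review bot: `key_pem` holds a PEM-encoded private key, but its schema block sets only `Type`, `Optional`, `Description` and `ConflictsWith`; add `Sensitive: true` so the value is masked in plan and apply output. The `DefaultFunc` fallback for `ca_file`, `cert_file` and `key_file` also changes from `""` to `nil` in this hunk without explanation; a short comment saying why would help the next reader.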
Expand Down Expand Up @@ -114,10 +134,15 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
conf := api.DefaultConfig()
conf.Address = d.Get("address").(string)
conf.Region = d.Get("region").(string)
conf.SecretID = d.Get("secret_id").(string)

// TLS configuration items.
conf.TLSConfig.CACert = d.Get("ca_file").(string)
conf.TLSConfig.ClientCert = d.Get("cert_file").(string)
conf.TLSConfig.ClientKey = d.Get("key_file").(string)
conf.SecretID = d.Get("secret_id").(string)
conf.TLSConfig.CACertPEM = []byte(d.Get("ca_pem").(string))
conf.TLSConfig.ClientCertPEM = []byte(d.Get("cert_pem").(string))
conf.TLSConfig.ClientKeyPEM = []byte(d.Get("key_pem").(string))

// Get the vault token from the conf, VAULT_TOKEN
// or ~/.vault-token (in that order)
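Review bot: all six TLS fields are assigned unconditionally in `providerConfigure`, and nothing in these lines checks that a certificate (`cert_file` or `cert_pem`) comes with a key (`key_file` or `key_pem`), which the schema descriptions say is required. Consider returning an error here when only one half of the pair is set, so a misconfigured client certificate fails at configure time with a clear message. Also, `[]byte(d.Get("ca_pem").(string))` produces an empty, non-nil slice when the argument is unset; either confirm the API client treats a zero-length slice as unset, or assign the `CACertPEM`, `ClientCertPEM` and `ClientKeyPEM` fields only when the string is non-empty.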
19 changes: 14 additions & 5 deletions website/docs/index.html.markdown
Expand Up @@ -44,14 +44,23 @@ The following arguments are supported:
authority used to verify the remote agent's certificate. This can also be
specified as the `NOMAD_CACERT` environment variable.

- `ca_pem` `(string: "")` - PEM-encoded certificate authority used to verify
the remote agent's certificate.

- `cert_file` `(string: "")` - A local file path to a PEM-encoded certificate
provided to the remote agent. If this is specified, `key_file` is also
required. This can also be specified as the `NOMAD_CLIENT_CERT` environment
variable.
provided to the remote agent. If this is specified, `key_file` or `key_pem`
is also required. This can also be specified as the `NOMAD_CLIENT_CERT`
environment variable.

- `cert_pem` `(string: "")` - PEM-encoded certificate provided to the remote
agent. If this is specified, `key_file` or `key_pem` is also required.

- `key_file` `(string: "")` - A local file path to a PEM-encoded private key.
This is required if `cert_file` is specified. This can also be specified via
the `NOMAD_CLIENT_KEY` environment variable.
This is required if `cert_file` or `cert_pem` is specified. This can also be
specified via the `NOMAD_CLIENT_KEY` environment variable.

- `key_pem` `(string: "")` - PEM-encoded private key. This is required if
`cert_file` or `cert_pem` is specified.

- `vault_token` `(string: "")` - A Vault token used when [submitting the job](https://www.nomadproject.io/docs/job-specification/job#vault_token).
This can also be specified as the `VAULT_TOKEN` environment variable or using a
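Review bot: the new `ca_pem`, `cert_pem` and `key_pem` entries do not say that each one conflicts with its `*_file` counterpart, although the schema declares `ConflictsWith` for every pair; add a sentence such as "Conflicts with `ca_file`." to each entry, and the reverse to the `*_file` entries. The `key_pem` entry would also benefit from a note that the private key should be supplied from a variable or secret store rather than written literally into the configuration.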